Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords
RFC 8265
Yes
No Objection
Recuse
Note: This ballot was opened for revision 08 and is now closed.
Alvaro Retana No Objection
Warren Kumari No Objection
Taking a page from Benoit's playbook, here is a diff from RFC7613: https://tools.ietf.org/tools/rfcdiff/rfcdiff.pyht?url1=https://tools.ietf.org/id/draft-ietf-precis-7613bis-08.txt&url2=https://tools.ietf.org/rfc/rfc7613.txt (I feel really stupid for not realizing this earlier, but diff'ing a -bis from the base RFC is a: obvious and b: really useful for understanding which bits need more review)
(Adam Roach; former steering group member) Yes
(Ben Campbell; former steering group member) Yes
(Alia Atlas; former steering group member) No Objection
(Alissa Cooper; former steering group member) No Objection
(Benoît Claise; former steering group member) No Objection
(Deborah Brungard; former steering group member) No Objection
(Eric Rescorla; former steering group member) No Objection
I agree with jsalowey's point about discouraging raw password comparison. Can you do something about that? The use of "false positive" is confusing because positive can either mean "accept" or "reject". I would use "false accept" or "false reject" or some other clearer term
(Mirja Kühlewind; former steering group member) No Objection
(Spencer Dawkins; former steering group member) No Objection
(Suresh Krishnan; former steering group member) No Objection
(Terry Manderson; former steering group member) No Objection
(Alexey Melnikov; former steering group member) Recuse
I am a co-editor.